Since Opnsense 24.7.x (I don't exactly know) I observed that the squid proxy does not automatically start after booting up the firewall. The current Opnsense version 24.7.12_2 has the same issue. I tried to investigate via command line with the following result
Starting the proxy manually often works but raises segfault. Communication from the clients to the proxy is possible:
root@host:~ # configctl proxy start
Segmentation fault
Starting squid.
__ok__
Stopping the proxy works:
root@host:~ # configctl proxy stop
OK
Restarting the proxy using the "restart" command often leads to that communication from the clients to the proxy is not possible. It also raises segfaults:
root@host:~ # configctl proxy restart
Segmentation fault
Performing sanity check on squid configuration.
2025/01/30 17:52:32| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/pre-auth/ipv4_fallback.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/pre-auth/rfc1918.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)
2025/01/30 17:52:37| WARNING: HTTP requires the use of Via
2025/01/30 17:52:37| Set Current Directory to /var/squid/cache
Segmentation fault
root@host:~ #
The system log shows that there could be a problem with binding the socket.
<13>1 2025-01-30T17:52:26+01:00 xxxxxxxxx.com opnsense 50236 - [meta sequenceId="1"] /usr/local/sbin/pluginctl: plugins_configure webproxy (1,restart)
<13>1 2025-01-30T17:52:32+01:00 xxxxxxxxx.com kernel - - [meta sequenceId="2"] <6>pid 64359 (squid), jid 0, uid 100: exited on signal 11 (no core dump - bad address)
<13>1 2025-01-30T17:52:37+01:00 xxxxxxxxx.com kernel - - [meta sequenceId="3"] <6>pid 66993 (squid), jid 0, uid 100: exited on signal 11 (no core dump - bad address)
But I don't have a clue where the segfaults come from. Has anybody observed similar issues or can give me a hint to investigate further (maybe I have overlooked an option to increase debug logging)?
Does anybody has an idea or observed a similar issue?
Same issue here.
Segmentation fault also popping up when verifying configuration file with the -k parse option.
squid -k parse
Try reinstall.
https://github.com/opnsense/plugins/issues/4500
Can anyone confirm that this issue is not causing Squid web proxy to malfunction in Opnsense version 25.1.1?
Further discussion in forum of version 25.1.1 (link (https://forum.opnsense.org/index.php?topic=45943.0))
Quote from: schnipp on February 04, 2025, 06:11:41 PMDoes anybody has an idea or observed a similar issue?
Yes, I have same error, did your issue resolved ?
To my knowledge a permanent workaround was added to FreeBSD ports which was released in OPNsense 25.1.10.
No, the issue of "segmentation fault" still persists in Opnsense 25.7.1. In case squid crashes it will automatically be restarted. So, despite the log entries I never observed any interruptions of the squid service anymore.
The silence in the GitHub plugin repo regarding the issue disagrees with your blanket statement, but I'm not here to challenge you on a local issue that may persist.
Personally, I don't like the fact that people come and complain about issues but once they are gone do not bother to give useful feedback. It is what it is, though.
Cheers,
Franco
Quote from: franco on September 01, 2025, 09:14:09 AMThe silence in the GitHub plugin repo regarding the issue disagrees with your blanket statement, but I'm not here to challenge you on a local issue that may persist.
The reason for this is likely that the GitHub issue doesn't reflect the observations I started the thread with. While the GitHub entry discusses an unclean shutdown, this thread is about startup problems with the proxy. The root cause may be the same. Since the problem I observed wasn't always reproducible, root cause analysis wasn't easy either. The current observation (checked recently) is that the Squid proxy sporadically crashes with a segfault, but restarts automatically. The previously mentioned command "squid -k parse" also ends with a segfault.
Quote from: franco on September 01, 2025, 09:14:09 AMPersonally, I don't like the fact that people come and complain about issues but once they are gone do not bother to give useful feedback. It is what it is, though.
Calm down, with posts like these, the community forum is sure to be successful in the long run. There can be countless reasons why someone stops responding to a thread. In the past, at least one of them was that the email notification wasn't working reliably.
I really don't need to calm down. I'm just pointing out that people have to be realistic and put in the necessary work if they want to see a change either way.
Cheers,
Franco